# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
# Contributor: Cameron Banta <cbanta@gmail.com>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>

pkgname=nginx-naxsi
_pkgname=nginx
pkgver=1.16.1
pkgrel=2
pkgdesc="Lightweight HTTP and reverse proxy server with Naxsi WAF support, see also 'nxapi'"
url="https://github.com/nbs-system/naxsi"
arch="all"
license="custom"

# Modules
_ngx_naxsi_name=naxsi
_ngx_naxsi_ver=1.3
_ngx_naxsi_dir="$srcdir/$_ngx_naxsi_name-$_ngx_naxsi_ver/naxsi_src"

_ngx_cache_purge_name=ngx_cache_purge
_ngx_cache_purge_ver=2.3.0.1
_ngx_cache_purge_dir="$srcdir/$_ngx_cache_purge_name-$_ngx_cache_purge_ver"

_ngx_upstream_fair_name=nginx-upstream-fair
_ngx_upstream_fair_ver=0.1.3
_ngx_upstream_fair_dir="$srcdir/$_ngx_upstream_fair_name-$_ngx_upstream_fair_ver"

_ngx_http_sysguard_name=tengine-http-sysguard
_ngx_http_sysguard_ver=2.2.0
_ngx_http_sysguard_dir="$srcdir/$_ngx_http_sysguard_name-$_ngx_http_sysguard_ver"

depends="!nginx"
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev openssl-dev
	pcre-dev perl-dev pkgconf zlib-dev"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.pre-upgrade"
options="!check"
subpackages="$pkgname-doc"
source="https://nginx.org/download/$_pkgname-$pkgver.tar.gz
	naxsi-$_ngx_naxsi_ver.tar.gz::https://github.com/nbs-system/$_ngx_naxsi_name/archive/$_ngx_naxsi_ver.tar.gz
	ngx_cache_purge-$_ngx_cache_purge_ver.tar.gz::https://github.com/itoffshore/$_ngx_cache_purge_name/archive/v$_ngx_cache_purge_ver.tar.gz
	upstream-fair-$_ngx_upstream_fair_ver.tar.gz::https://github.com/itoffshore/$_ngx_upstream_fair_name/archive/$_ngx_upstream_fair_ver.tar.gz
	sysguard-$_ngx_http_sysguard_ver.tar.gz::https://github.com/itoffshore/$_ngx_http_sysguard_name/archive/v$_ngx_http_sysguard_ver.tar.gz

	anonymise.patch
	sysguard.patch

	nginx.initd
	nginx.logrotate
	nginx.conf
	default.conf
	sysguard.conf
	"
builddir="$srcdir"/$_pkgname-$pkgver

_modules_dir="usr/lib/nginx/modules"
_modules="
	http-geoip
	http-image-filter
	http-perl
	http-xslt-filter
	mail
	stream
	http-naxsi
	http-cache-purge
	http-upstream-fair
	http-sysguard
	"

for _m in $_modules; do
	subpackages="$subpackages $pkgname-mod-$_m:_module"
done


build() {
	./configure \
		--prefix=/var/lib/$_pkgname \
		--sbin-path=/usr/sbin/$_pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$_pkgname/$_pkgname.conf \
		--pid-path=/run/$_pkgname/$_pkgname.pid \
		--lock-path=/run/$_pkgname/$_pkgname.lock \
		--error-log-path=/var/log/$_pkgname/error.log \
		--http-log-path=/var/log/$_pkgname/access.log \
		--http-client-body-temp-path=/var/lib/$_pkgname/tmp/client_body \
		--http-proxy-temp-path=/var/lib/$_pkgname/tmp/proxy \
		--http-fastcgi-temp-path=/var/lib/$_pkgname/tmp/fastcgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		--without-http_uwsgi_module \
		--without-http_scgi_module \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		\
		--add-dynamic-module="$_ngx_naxsi_dir" \
		--add-dynamic-module="$_ngx_cache_purge_dir" \
		--add-dynamic-module="$_ngx_upstream_fair_dir" \
		--add-dynamic-module="$_ngx_http_sysguard_dir"
	make
}

package() {
	make DESTDIR="$pkgdir" install

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$_pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$_pkgname/conf.d/default.conf
	install -m755 -D "$srcdir"/$_pkgname.initd ./etc/init.d/$_pkgname
	install -m644 -D "$srcdir"/$_pkgname.logrotate ./etc/logrotate.d/$_pkgname
	install -m644 -D "$srcdir"/naxsi-$_ngx_naxsi_ver/naxsi_config/naxsi_core.rules ./etc/nginx/naxsi_core.rules

	install -dm755 ./etc/$_pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/lib/$_pkgname/tmp

	ln -sf /$_modules_dir ./var/lib/$_pkgname/modules
	ln -sf /var/log/$_pkgname ./var/lib/$_pkgname/logs
	ln -sf /run/$_pkgname ./var/lib/$_pkgname/run

	rm -rf ./run ./etc/$_pkgname/*.default
	# scgi & uwsgi servers are disabled
	rm ./etc/$_pkgname/scgi_params ./etc/$_pkgname/uwsgi_params

	# add module configuration
	_mod_conf sysguard.conf nginx-naxsi-mod-http-sysguard
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	soname="ngx_${name}_module.so"

	pkgdesc="$pkgdesc (module $name)"
	depends="!nginx-mod-$name"
	provides="$name"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname
	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}

_mod_conf() {
	local conf=$1 module=$2
	install -Dm644 "$srcdir"/$conf ${pkgdir%/*}/$module/etc/nginx/conf.d/$conf
}
sha512sums="17e95b43fa47d4fef5e652dea587518e16ab5ec562c9c94355c356440166d4b6a6a41ee520d406e5a34791a327d2e3c46b3f9b105ac9ce07afdd495c49eca437  nginx-1.16.1.tar.gz
d7aac69b5eceeb1b0db4741201159ade1e0e7f6f7c3e8c4afa2f8959c6c00c3b5285d5185747c2fb0b1400efda02e96799836315e7e492bb4a059b14acb2142d  naxsi-1.3.tar.gz
c49c81dbdb8bd507fccf31295e603cea8f0a964867c27eff0436dcea3b4a547c8ae2f11ecf49c4d82c693cf8138c17ebbed395738539d0d61254951e5f0db7e3  ngx_cache_purge-2.3.0.1.tar.gz
8adb7453c27748f4e685e3352e9b318b408da818754dc5b6244e908423941a8ba337561104f6e481f2553cbc0e334dcea73b57f8e810a9d6e974bb69ff8859e5  upstream-fair-0.1.3.tar.gz
2743d9aea60bd4984b650213e571cf27e6ff5b3db708242ccb53b8fc669d1cc82ee224ba79aee2f6969b6e13821cfdd3df7b412541e1fdbb867ecc95326e07e1  sysguard-2.2.0.tar.gz
1117ca5887822e002d9995c041435fda53890614fd7309ea011a59bfb0df3261fc7ba8670e93aaee9116cda16b9806921a85f52c9959b093f2e5ac5df4d9b0fb  anonymise.patch
2dca2ac74fb92e330fde7b6b6120b2fd2565c377a629c9536cf77beebe41aa4b092d4229d5b487b0fb02be4f2cc5b897c429c87bbbbc7b0d31e1cbb94231ddce  sysguard.patch
72888c43cec3203cafe1c5e018be464129a220913c21e0abe5ca57ad0649b7120d419ede9b37181def3daad7f08b1c1afdacb33a20aa148ce1d1b9ce3b5b2a33  nginx.initd
01b77cff16f6e8bfd7fa1d4d20f625bbcddd08f0509173452d060c342c93dc315a7b0560f4734323a5d29ea294de0491f2e3f32e5337574e1a28ebc005eceea8  nginx.logrotate
a1a1d9dbd65955b458d17918138fc65bf8990c46909ef43940b1633458c8f119eb485939179b6a9a3dac0c3b58c1eb0c5aec44e7b25ea7a34969c4a0807d4788  nginx.conf
ed1257ca2c0f687e24ebfd5446c472a592a9f7abea022bd04b3dd519631cc235f448027aabf699a89cb7aa4d5761031d44dffcd33d02fd17db0c93da0d5e8689  default.conf
8067c78b00e9fd89141b7a70fdc39ab1095a89c97abc8c9a37df26bef40785715dabdae19bce596ec3c3baff00f9022e2f24c7f5d884590857773e87aae75734  sysguard.conf"
